hide .js product URL pages

Shopify Discussion

Topic summary

A developer using the Dawn theme is trying to hide product prices from non-logged-in users but discovered a vulnerability: appending .js to any product URL exposes product data, including prices, in JavaScript/JSON format.

Attempted Solutions:

  • Implemented apps to restrict pricing visibility
  • Modified product schema/SEO code
  • Tried various redirect codes to block .js URLs (unsuccessful)

Current Status:

  • The issue persists across all Shopify themes, even with Shopify Plus
  • .js pages appear to load directly from Shopify servers, bypassing redirect rules
  • Deployed Cloudflare DNS to restrict bots/crawlers from accessing .js endpoints
  • Using Cloudflare provides better control than robots.txt

Key Finding:
This appears to be a platform-wide Shopify behavior affecting all stores. The developer periodically revisits the problem but has found no complete solution yet. Another user confirmed experiencing the same issue.

Summarized with AI on October 24. AI used: claude-sonnet-4-5-20250929.
1

Hello, I am using the Dawn theme and am almost there accomplishing my goal to hide prices to non-customers.

  • I have apps that restrict from viewing pricing on the Shopify website unless you are logged in
  • I have redone the products-main code so that I can hide the prices from schema/seo

I now have an issue where any product url can be access by adding a .js at the end of the url and it will give your the javascript output of the product that includes the price… I have been searching for answers for hours and trying various codes to try to redirect .js url’s to 404 with no success. Does anyone have any suggestions on how I can make product.js URL pages unaccusable.

2

Hi @keulono , are you a developer, it seems you are code savvy, let me know if you are able to make changes I will share a lengthy process

3

I am a dev albeit I rely a lot on Google to help me accomplish a lot haha.

4

If you can, please share this process as this seems to be any Theme I pick that has this issue.

5

Hi @keulono
Did you manage to fix that issue ? I have the same !
thanks a lot

6

Seems like even with Shopify Plus this is an issue. I think it may be on the roadmap in the future but for now I have deployed cloudflare for DNS I can restrict google and AI chatbots from crawling/accessing the .js websites. Much better controls than using robots.txt for these things. Where I am at now is that I believe the .js pages are loading directly from Shopify as even if I setup redirect rules to 404 if a .js page is accessed, the rule is ignored and the .js page loads directly.

7

Every few months I throw a couple hours to see if any changes have been made but so far nothing. Perhaps next month I will spend a few days and start from scratch to see if I can find something.

8

I’ve visited several websites made on Shopify and they all have that behavior, allowing a product page with .JS :roll_eyes: Strange but seems to be for all website.
I look give a look to Cloudflare, thanks a lot for your swift reply !